django admin panel login 403 error (csrf)

Hello, the error I get when I want to enter the admin panel is as follows:

Settings.py:

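# Django settings for the "umy" project, as posted with the question about the
# admin login returning 403 (CSRF).  All values are the poster's; the listing
# is only dedented so that it parses as a module (in the post, every line
# after the first carried a stray four-space indent).
from pathlib import Path
import os

# Project root: two directory levels above this settings file.
BASE_DIR = Path(__file__).resolve().parent.parent


SECRET_KEY = '###'  # presumably redacted by the poster
# NOTE(review): with DEBUG on, Django serves detailed error pages (traceback,
# settings, request data) to whoever triggers an error; the post says this
# project is already uploaded to hosting.
DEBUG = True

# NOTE(review): '*' matches every Host header, so the 'ip' and 'domain.com'
# entries add nothing and Host validation is effectively switched off.
ALLOWED_HOSTS = ['*','ip','domain.com']
# Origins trusted for unsafe (POST etc.) requests.  The entry includes its
# scheme, so it names http://domain.com only; https://domain.com or a www.
# host would each need an entry of their own.
CSRF_TRUSTED_ORIGINS = ['http://domain.com']
INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    # Project apps.
    "home",
    "upadmin",
    'django.contrib.sites',
    'django.contrib.sitemaps',

]

SITE_ID = 1
# NOTE(review): both flags mark the cookie as Secure, so the browser returns
# it over HTTPS only.  If the site is being reached over plain http:// (as the
# trusted origin above suggests -- confirm), the CSRF and session cookies never
# come back and the admin login POST is rejected with 403.
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
MIDDLEWARE = [

    # Third-party htmlmin middleware, listed ahead of Django's own entries.
    'htmlmin.middleware.HtmlMinifyMiddleware',
    'htmlmin.middleware.MarkRequestMiddleware',
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    # Performs the CSRF check that produces the 403 in question.
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
ROOT_URLCONF = 'umy.urls'

TEMPLATES = [
    {
        'BACKEND': 'django.template.backends.django.DjangoTemplates',
        'DIRS': [os.path.join(BASE_DIR, "templates")],
        'APP_DIRS': True,
        'OPTIONS': {
            'context_processors': [
                'django.template.context_processors.debug',
                'django.template.context_processors.request',
                'django.contrib.auth.context_processors.auth',
                'django.contrib.messages.context_processors.messages',
            ],
        },
    },
]

WSGI_APPLICATION = 'umy.wsgi.application'



# SQLite database file stored in the project root.
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.sqlite3',
        'NAME': BASE_DIR / 'db.sqlite3',
    }
}
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]


LANGUAGE_CODE = 'en'

TIME_ZONE = 'Europe/Istanbul'

USE_I18N = True

USE_L10N = True

USE_TZ = True

# Absolute path on the Windows host where collected static files are written.
STATIC_ROOT = "C:/inetpub/vhosts/domain.com/httpdocs/static/"
#STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATIC_URL = '/static/'

#STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'
MEDIA_URL = '/media/'
MEDIA_ROOT = os.path.join(BASE_DIR, 'media')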

I got this problem when I uploaded my project to hosting, I’m using windows server

Sorry for my bad english, thanks in advance

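Be aware that the CSRF_TRUSTED_ORIGINS setting does not include subdomains by default. If you’re trying to access your site through https://www.domain.com/, then you need to include https://www.domain.com in that setting. The scheme counts as well: the http://domain.com entry in the posted settings does not cover a request made over https://.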

See CSRF_TRUSTED_ORIGINS

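Also review CSRF_COOKIE_SECURE and SESSION_COOKIE_SECURE: with both set to True the browser sends those cookies only over HTTPS, so a login attempted over plain http:// arrives without the CSRF cookie and is rejected.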


from pathlib import Path
import os

# Revised settings for the "umy" project, posted after the first reply.
# Project root: two directory levels above this settings file.
BASE_DIR = Path(__file__).resolve().parent.parent

SECRET_KEY = "key"

# NOTE(review): DEBUG is still on; Django then serves detailed error pages
# (traceback, settings, request data) to whoever triggers an error.
DEBUG = True
#DEBUG_PROPAGATE_EXCEPTIONS = True

# NOTE(review): "*" matches every Host header, which makes the other two
# entries redundant and leaves Host validation effectively off.
ALLOWED_HOSTS = ["*", "ip", "domain.com"]

# NOTE(review): this revision defines no CSRF_TRUSTED_ORIGINS at all.

# --- Applications -----------------------------------------------------------
INSTALLED_APPS = [
    "django.contrib.admin",
    "django.contrib.auth",
    "django.contrib.contenttypes",
    "django.contrib.sessions",
    "django.contrib.messages",
    "django.contrib.staticfiles",
    # Project apps.
    "home",
    "upadmin",
    "django.contrib.sites",
    "django.contrib.sitemaps",
]
SITE_ID = 1

# --- Cookies ----------------------------------------------------------------
# Commented out by the poster in this revision:
#SESSION_COOKIE_SECURE = True
#CSRF_COOKIE_SECURE = True
#SESSION_EXPIRE_AT_BROWSER_CLOSE = True
# NOTE(review): with both flags False the CSRF and session cookies are also
# sent over plain http://.  That helps to isolate the 403, but once the site
# is served over HTTPS these would normally go back to True.
SESSION_COOKIE_SECURE = False
CSRF_COOKIE_SECURE = False

# --- Request pipeline -------------------------------------------------------
MIDDLEWARE = [
    # Third-party htmlmin middleware, listed ahead of Django's own entries.
    "htmlmin.middleware.HtmlMinifyMiddleware",
    "htmlmin.middleware.MarkRequestMiddleware",
    "django.middleware.security.SecurityMiddleware",
    "django.contrib.sessions.middleware.SessionMiddleware",
    "django.middleware.common.CommonMiddleware",
    # Performs the CSRF check that produces the 403 in question.
    "django.middleware.csrf.CsrfViewMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "django.contrib.messages.middleware.MessageMiddleware",
    "django.middleware.clickjacking.XFrameOptionsMiddleware",
]
ROOT_URLCONF = "umy.urls"
WSGI_APPLICATION = "umy.wsgi.application"

TEMPLATES = [
    {
        "BACKEND": "django.template.backends.django.DjangoTemplates",
        "DIRS": [os.path.join(BASE_DIR, "templates")],
        "APP_DIRS": True,
        "OPTIONS": {
            "context_processors": [
                "django.template.context_processors.debug",
                "django.template.context_processors.request",
                "django.contrib.auth.context_processors.auth",
                "django.contrib.messages.context_processors.messages",
            ],
        },
    },
]

# --- Database ---------------------------------------------------------------
# SQLite database file stored in the project root.
DATABASES = {
    "default": {
        "ENGINE": "django.db.backends.sqlite3",
        "NAME": BASE_DIR / "db.sqlite3",
    },
}

# --- Password validation ----------------------------------------------------
AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator"},
    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
]

# --- Internationalisation ---------------------------------------------------
LANGUAGE_CODE = "en"
TIME_ZONE = "Europe/Istanbul"
USE_I18N = True
USE_L10N = True
USE_TZ = True

# --- Static and media files -------------------------------------------------
# Absolute path on the Windows host where collected static files are written.
STATIC_ROOT = "C:/inetpub/vhosts/domain.com/httpdocs/static/"
#STATIC_ROOT = os.path.join(BASE_DIR, 'static')
STATIC_URL = "/static/"
#STATICFILES_STORAGE = 'whitenoise.storage.CompressedStaticFilesStorage'

MEDIA_URL = "/media/"
MEDIA_ROOT = os.path.join(BASE_DIR, "media")

I did the updates you said but I keep getting the same error

First thing I’d try would be to remove the 3rd party middleware. Then I’d check the html rendered in the login page to ensure a CSRF token is present. Finally, I’d check the network tab in the browser to verify that the token is being submitted with the form.